/** * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "mod_lua.h" #include #include #include #include "lua_apr.h" #include "lua_config.h" #include "apr_optional.h" #include "mod_ssl.h" #include "mod_auth.h" #ifdef APR_HAS_THREADS #include "apr_thread_proc.h" #endif APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_open, (lua_State *L, apr_pool_t *p), (L, p), OK, DECLINED) APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_request, (lua_State *L, request_rec *r), (L, r), OK, DECLINED) static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *lua_ssl_val = NULL; static APR_OPTIONAL_FN_TYPE(ssl_is_https) *lua_ssl_is_https = NULL; module AP_MODULE_DECLARE_DATA lua_module; #define AP_LUA_HOOK_FIRST (APR_HOOK_FIRST - 1) #define AP_LUA_HOOK_LAST (APR_HOOK_LAST + 1) typedef struct { const char *name; const char *file_name; const char *function_name; ap_lua_vm_spec *spec; apr_array_header_t *args; } lua_authz_provider_spec; apr_hash_t *lua_authz_providers; /** * error reporting if lua has an error. * Extracts the error from lua stack and prints */ static void report_lua_error(lua_State *L, request_rec *r) { const char *lua_response; r->status = HTTP_INTERNAL_SERVER_ERROR; r->content_type = "text/html"; ap_rputs("Error!\n", r); ap_rputs("

", r); lua_response = lua_tostring(L, -1); ap_rputs(lua_response, r); ap_rputs("

\n", r); ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, r->pool, APLOGNO(01471) "Lua error: %s", lua_response); } static void lua_open_callback(lua_State *L, apr_pool_t *p, void *ctx) { ap_lua_init(L, p); ap_lua_load_apache2_lmodule(L); ap_lua_load_request_lmodule(L, p); ap_lua_load_config_lmodule(L); } static int lua_open_hook(lua_State *L, apr_pool_t *p) { lua_open_callback(L, p, NULL); return OK; } static const char *scope_to_string(unsigned int scope) { switch (scope) { case AP_LUA_SCOPE_ONCE: case AP_LUA_SCOPE_UNSET: return "once"; case AP_LUA_SCOPE_REQUEST: return "request"; case AP_LUA_SCOPE_CONN: return "conn"; #if APR_HAS_THREADS case AP_LUA_SCOPE_THREAD: return "thread"; #endif default: ap_assert(0); } } static ap_lua_vm_spec *create_vm_spec(apr_pool_t **lifecycle_pool, request_rec *r, const ap_lua_dir_cfg *cfg, const ap_lua_server_cfg *server_cfg, const char *filename, const char *bytecode, apr_size_t bytecode_len, const char *function, const char *what) { apr_pool_t *pool; ap_lua_vm_spec *spec = apr_pcalloc(r->pool, sizeof(ap_lua_vm_spec)); spec->scope = cfg->vm_scope; spec->pool = r->pool; spec->package_paths = cfg->package_paths; spec->package_cpaths = cfg->package_cpaths; spec->cb = &lua_open_callback; spec->cb_arg = NULL; spec->bytecode = bytecode; spec->bytecode_len = bytecode_len; spec->codecache = (cfg->codecache == AP_LUA_CACHE_UNSET) ? AP_LUA_CACHE_STAT : cfg->codecache; if (filename) { char *file; apr_filepath_merge(&file, server_cfg->root_path, filename, APR_FILEPATH_NOTRELATIVE, r->pool); spec->file = file; } else { spec->file = r->filename; } ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, APLOGNO(02313) "%s details: scope: %s, file: %s, func: %s", what, scope_to_string(spec->scope), spec->file, function ? function : "-"); switch (spec->scope) { case AP_LUA_SCOPE_ONCE: case AP_LUA_SCOPE_UNSET: apr_pool_create(&pool, r->pool); break; case AP_LUA_SCOPE_REQUEST: pool = r->pool; break; case AP_LUA_SCOPE_CONN: pool = r->connection->pool; break; #if APR_HAS_THREADS case AP_LUA_SCOPE_THREAD: pool = apr_thread_pool_get(r->connection->current_thread); break; #endif default: ap_assert(0); } *lifecycle_pool = pool; return spec; } /** * "main" */ static int lua_handler(request_rec *r) { if (strcmp(r->handler, "lua-script")) { return DECLINED; } ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(01472) "handling [%s] in mod_lua", r->filename); /* XXX: This seems wrong because it may generate wrong headers for HEAD requests */ if (!r->header_only) { lua_State *L; apr_pool_t *pool; const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &lua_module); ap_lua_vm_spec *spec = create_vm_spec(&pool, r, cfg, NULL, NULL, NULL, 0, "handle", "request handler"); L = ap_lua_get_lua_state(pool, spec, r); if (!L) { /* TODO annotate spec with failure reason */ r->status = HTTP_INTERNAL_SERVER_ERROR; ap_rputs("Unable to compile VM, see logs", r); return HTTP_INTERNAL_SERVER_ERROR; } ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, APLOGNO(01474) "got a vm!"); lua_getglobal(L, "handle"); if (!lua_isfunction(L, -1)) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01475) "lua: Unable to find function %s in %s", "handle", spec->file); return HTTP_INTERNAL_SERVER_ERROR; } ap_lua_run_lua_request(L, r); if (lua_pcall(L, 1, 0, 0)) { report_lua_error(L, r); } } return OK; } /* ---------------- Configury stuff --------------- */ /** harnesses for magic hooks **/ static int lua_request_rec_hook_harness(request_rec *r, const char *name, int apr_hook_when) { int rc; apr_pool_t *pool; lua_State *L; ap_lua_vm_spec *spec; ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config, &lua_module); const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &lua_module); const char *key = apr_psprintf(r->pool, "%s_%d", name, apr_hook_when); apr_array_header_t *hook_specs = apr_hash_get(cfg->hooks, key, APR_HASH_KEY_STRING); if (hook_specs) { int i; for (i = 0; i < hook_specs->nelts; i++) { ap_lua_mapped_handler_spec *hook_spec = ((ap_lua_mapped_handler_spec **) hook_specs->elts)[i]; if (hook_spec == NULL) { continue; } spec = create_vm_spec(&pool, r, cfg, server_cfg, hook_spec->file_name, hook_spec->bytecode, hook_spec->bytecode_len, hook_spec->function_name, "request hook"); L = ap_lua_get_lua_state(pool, spec, r); if (!L) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01477) "lua: Failed to obtain lua interpreter for %s %s", hook_spec->function_name, hook_spec->file_name); return HTTP_INTERNAL_SERVER_ERROR; } if (hook_spec->function_name != NULL) { lua_getglobal(L, hook_spec->function_name); if (!lua_isfunction(L, -1)) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01478) "lua: Unable to find function %s in %s", hook_spec->function_name, hook_spec->file_name); return HTTP_INTERNAL_SERVER_ERROR; } ap_lua_run_lua_request(L, r); } else { int t; ap_lua_run_lua_request(L, r); t = lua_gettop(L); lua_setglobal(L, "r"); lua_settop(L, t); } if (lua_pcall(L, 1, 1, 0)) { report_lua_error(L, r); return HTTP_INTERNAL_SERVER_ERROR; } rc = DECLINED; if (lua_isnumber(L, -1)) { rc = lua_tointeger(L, -1); } if (rc != DECLINED) { return rc; } } } return DECLINED; } static apr_size_t config_getstr(ap_configfile_t *cfg, char *buf, size_t bufsiz) { apr_size_t i = 0; if (cfg->getstr) { apr_status_t rc = (cfg->getstr) (buf, bufsiz, cfg->param); if (rc == APR_SUCCESS) { i = strlen(buf); if (i && buf[i - 1] == '\n') ++cfg->line_number; } else { buf[0] = '\0'; i = 0; } } else { while (i < bufsiz) { char ch; apr_status_t rc = (cfg->getch) (&ch, cfg->param); if (rc != APR_SUCCESS) break; buf[i++] = ch; if (ch == '\n') { ++cfg->line_number; break; } } } return i; } typedef struct cr_ctx { cmd_parms *cmd; ap_configfile_t *cfp; size_t startline; const char *endstr; char buf[HUGE_STRING_LEN]; } cr_ctx; /* Okay, this deserves a little explaination -- in order for the errors that lua * generates to be 'accuarate', including line numbers, we basically inject * N line number new lines into the 'top' of the chunk reader..... * * be happy. this is cool. * */ static const char *lf = "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"; #define N_LF 32 static const char *direct_chunkreader(lua_State *lvm, void *udata, size_t *plen) { const char *p; struct cr_ctx *ctx = udata; if (ctx->startline) { *plen = ctx->startline > N_LF ? N_LF : ctx->startline; ctx->startline -= *plen; return lf; } *plen = config_getstr(ctx->cfp, ctx->buf, HUGE_STRING_LEN); for (p = ctx->buf; isspace(*p); ++p); if (p[0] == '<' && p[1] == '/') { apr_size_t i = 0; while (i < strlen(ctx->endstr)) { if (tolower(p[i + 2]) != ctx->endstr[i]) return ctx->buf; ++i; } *plen = 0; return NULL; } /*fprintf(stderr, "buf read: %s\n", ctx->buf); */ return ctx->buf; } static int ldump_writer(lua_State *L, const void *b, size_t size, void *B) { (void) L; luaL_addlstring((luaL_Buffer *) B, (const char *) b, size); return 0; } typedef struct hack_section_baton { const char *name; ap_lua_mapped_handler_spec *spec; int apr_hook_when; } hack_section_baton; /* You can be unhappy now. * * This is uncool. * * When you create a
directive; hack_section_baton *baton = directive->data; const char *key = apr_psprintf(cmd->pool, "%s_%d", baton->name, baton->apr_hook_when); apr_array_header_t *hook_specs = apr_hash_get(cfg->hooks, key, APR_HASH_KEY_STRING); if (!hook_specs) { hook_specs = apr_array_make(cmd->pool, 2, sizeof(ap_lua_mapped_handler_spec *)); apr_hash_set(cfg->hooks, key, APR_HASH_KEY_STRING, hook_specs); } baton->spec->scope = cfg->vm_scope; *(ap_lua_mapped_handler_spec **) apr_array_push(hook_specs) = baton->spec; return NULL; } static const char *register_named_block_function_hook(const char *name, cmd_parms *cmd, void *mconfig, const char *line) { const char *function = NULL; ap_lua_mapped_handler_spec *spec; int when = APR_HOOK_MIDDLE; const char *endp = ap_strrchr_c(line, '>'); if (endp == NULL) { return apr_pstrcat(cmd->pool, cmd->cmd->name, "> directive missing closing '>'", NULL); } line = apr_pstrndup(cmd->temp_pool, line, endp - line); if (line[0]) { const char *word; word = ap_getword_conf(cmd->temp_pool, &line); if (word && *word) { function = apr_pstrdup(cmd->pool, word); } word = ap_getword_conf(cmd->temp_pool, &line); if (word && *word) { if (!strcasecmp("early", word)) { when = AP_LUA_HOOK_FIRST; } else if (!strcasecmp("late", word)) { when = AP_LUA_HOOK_LAST; } else { return apr_pstrcat(cmd->pool, cmd->cmd->name, "> 2nd argument must be 'early' or 'late'", NULL); } } } spec = apr_pcalloc(cmd->pool, sizeof(ap_lua_mapped_handler_spec)); { cr_ctx ctx; lua_State *lvm; char *tmp; int rv; ap_directive_t **current; hack_section_baton *baton; spec->file_name = apr_psprintf(cmd->pool, "%s:%u", cmd->config_file->name, cmd->config_file->line_number); if (function) { spec->function_name = (char *) function; } else { function = NULL; } ctx.cmd = cmd; tmp = apr_pstrdup(cmd->pool, cmd->err_directive->directive + 1); ap_str_tolower(tmp); ctx.endstr = tmp; ctx.cfp = cmd->config_file; ctx.startline = cmd->config_file->line_number; /* This lua State is used only to compile the input strings -> bytecode, so we don't need anything extra. */ lvm = luaL_newstate(); lua_settop(lvm, 0); rv = lua_load(lvm, direct_chunkreader, &ctx, spec->file_name); if (rv != 0) { const char *errstr = apr_pstrcat(cmd->pool, "Lua Error:", lua_tostring(lvm, -1), NULL); lua_close(lvm); return errstr; } else { luaL_Buffer b; luaL_buffinit(lvm, &b); lua_dump(lvm, ldump_writer, &b); luaL_pushresult(&b); spec->bytecode_len = lua_strlen(lvm, -1); spec->bytecode = apr_pstrmemdup(cmd->pool, lua_tostring(lvm, -1), spec->bytecode_len); lua_close(lvm); } current = mconfig; /* Here, we have to replace our current config node for the next pass */ if (!*current) { *current = apr_pcalloc(cmd->pool, sizeof(**current)); } baton = apr_pcalloc(cmd->pool, sizeof(hack_section_baton)); baton->name = name; baton->spec = spec; baton->apr_hook_when = when; (*current)->filename = cmd->config_file->name; (*current)->line_num = cmd->config_file->line_number; (*current)->directive = apr_pstrdup(cmd->pool, "Lua_____ByteCodeHack"); (*current)->args = NULL; (*current)->data = baton; } return NULL; } static const char *register_named_file_function_hook(const char *name, cmd_parms *cmd, void *_cfg, const char *file, const char *function, int apr_hook_when) { ap_lua_mapped_handler_spec *spec; ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; const char *key = apr_psprintf(cmd->pool, "%s_%d", name, apr_hook_when); apr_array_header_t *hook_specs = apr_hash_get(cfg->hooks, key, APR_HASH_KEY_STRING); if (!hook_specs) { hook_specs = apr_array_make(cmd->pool, 2, sizeof(ap_lua_mapped_handler_spec *)); apr_hash_set(cfg->hooks, key, APR_HASH_KEY_STRING, hook_specs); } spec = apr_pcalloc(cmd->pool, sizeof(ap_lua_mapped_handler_spec)); spec->file_name = apr_pstrdup(cmd->pool, file); spec->function_name = apr_pstrdup(cmd->pool, function); spec->scope = cfg->vm_scope; *(ap_lua_mapped_handler_spec **) apr_array_push(hook_specs) = spec; return NULL; } static int lua_check_user_id_harness_first(request_rec *r) { return lua_request_rec_hook_harness(r, "check_user_id", AP_LUA_HOOK_FIRST); } static int lua_check_user_id_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "check_user_id", APR_HOOK_MIDDLE); } static int lua_check_user_id_harness_last(request_rec *r) { return lua_request_rec_hook_harness(r, "check_user_id", AP_LUA_HOOK_LAST); } static int lua_translate_name_harness_first(request_rec *r) { return lua_request_rec_hook_harness(r, "translate_name", AP_LUA_HOOK_FIRST); } static int lua_translate_name_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "translate_name", APR_HOOK_MIDDLE); } static int lua_translate_name_harness_last(request_rec *r) { return lua_request_rec_hook_harness(r, "translate_name", AP_LUA_HOOK_LAST); } static int lua_fixup_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "fixups", APR_HOOK_MIDDLE); } static int lua_map_to_storage_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "map_to_storage", APR_HOOK_MIDDLE); } static int lua_type_checker_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "type_checker", APR_HOOK_MIDDLE); } static int lua_access_checker_harness_first(request_rec *r) { return lua_request_rec_hook_harness(r, "access_checker", AP_LUA_HOOK_FIRST); } static int lua_access_checker_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "access_checker", APR_HOOK_MIDDLE); } static int lua_access_checker_harness_last(request_rec *r) { return lua_request_rec_hook_harness(r, "access_checker", AP_LUA_HOOK_LAST); } static int lua_auth_checker_harness_first(request_rec *r) { return lua_request_rec_hook_harness(r, "auth_checker", AP_LUA_HOOK_FIRST); } static int lua_auth_checker_harness(request_rec *r) { return lua_request_rec_hook_harness(r, "auth_checker", APR_HOOK_MIDDLE); } static int lua_auth_checker_harness_last(request_rec *r) { return lua_request_rec_hook_harness(r, "auth_checker", AP_LUA_HOOK_LAST); } static void lua_insert_filter_harness(request_rec *r) { /* ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "LuaHookInsertFilter not yet implemented"); */ } static int lua_quick_harness(request_rec *r, int lookup) { if (lookup) { return DECLINED; } return lua_request_rec_hook_harness(r, "quick", APR_HOOK_MIDDLE); } static const char *register_translate_name_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function, const char *when) { const char *err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES| NOT_IN_HTACCESS); int apr_hook_when = APR_HOOK_MIDDLE; if (err) { return err; } if (when) { if (!strcasecmp(when, "early")) { apr_hook_when = AP_LUA_HOOK_FIRST; } else if (!strcasecmp(when, "late")) { apr_hook_when = AP_LUA_HOOK_LAST; } else { return "Third argument must be 'early' or 'late'"; } } return register_named_file_function_hook("translate_name", cmd, _cfg, file, function, apr_hook_when); } static const char *register_translate_name_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("translate_name", cmd, _cfg, line); } static const char *register_fixups_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function) { return register_named_file_function_hook("fixups", cmd, _cfg, file, function, APR_HOOK_MIDDLE); } static const char *register_fixups_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("fixups", cmd, _cfg, line); } static const char *register_map_to_storage_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function) { return register_named_file_function_hook("map_to_storage", cmd, _cfg, file, function, APR_HOOK_MIDDLE); } static const char *register_map_to_storage_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("map_to_storage", cmd, _cfg, line); } static const char *register_check_user_id_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function, const char *when) { int apr_hook_when = APR_HOOK_MIDDLE; if (when) { if (!strcasecmp(when, "early")) { apr_hook_when = AP_LUA_HOOK_FIRST; } else if (!strcasecmp(when, "late")) { apr_hook_when = AP_LUA_HOOK_LAST; } else { return "Third argument must be 'early' or 'late'"; } } return register_named_file_function_hook("check_user_id", cmd, _cfg, file, function, apr_hook_when); } static const char *register_check_user_id_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("check_user_id", cmd, _cfg, line); } static const char *register_type_checker_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function) { return register_named_file_function_hook("type_checker", cmd, _cfg, file, function, APR_HOOK_MIDDLE); } static const char *register_type_checker_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("type_checker", cmd, _cfg, line); } static const char *register_access_checker_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function, const char *when) { int apr_hook_when = APR_HOOK_MIDDLE; if (when) { if (!strcasecmp(when, "early")) { apr_hook_when = AP_LUA_HOOK_FIRST; } else if (!strcasecmp(when, "late")) { apr_hook_when = AP_LUA_HOOK_LAST; } else { return "Third argument must be 'early' or 'late'"; } } return register_named_file_function_hook("access_checker", cmd, _cfg, file, function, apr_hook_when); } static const char *register_access_checker_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("access_checker", cmd, _cfg, line); } static const char *register_auth_checker_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function, const char *when) { int apr_hook_when = APR_HOOK_MIDDLE; if (when) { if (!strcasecmp(when, "early")) { apr_hook_when = AP_LUA_HOOK_FIRST; } else if (!strcasecmp(when, "late")) { apr_hook_when = AP_LUA_HOOK_LAST; } else { return "Third argument must be 'early' or 'late'"; } } return register_named_file_function_hook("auth_checker", cmd, _cfg, file, function, apr_hook_when); } static const char *register_auth_checker_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("auth_checker", cmd, _cfg, line); } static const char *register_insert_filter_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function) { return "LuaHookInsertFilter not yet implemented"; } static const char *register_quick_hook(cmd_parms *cmd, void *_cfg, const char *file, const char *function) { const char *err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES| NOT_IN_HTACCESS); if (err) { return err; } return register_named_file_function_hook("quick", cmd, _cfg, file, function, APR_HOOK_MIDDLE); } static const char *register_quick_block(cmd_parms *cmd, void *_cfg, const char *line) { return register_named_block_function_hook("quick", cmd, _cfg, line); } static const char *register_package_helper(cmd_parms *cmd, const char *arg, apr_array_header_t *dir_array) { apr_status_t rv; ap_lua_server_cfg *server_cfg = ap_get_module_config(cmd->server->module_config, &lua_module); char *fixed_filename; rv = apr_filepath_merge(&fixed_filename, server_cfg->root_path, arg, APR_FILEPATH_NOTRELATIVE, cmd->pool); if (rv != APR_SUCCESS) { return apr_psprintf(cmd->pool, "Unable to build full path to file, %s", arg); } *(const char **) apr_array_push(dir_array) = fixed_filename; return NULL; } /** * Called for config directive which looks like * LuaPackagePath /lua/package/path/mapped/thing/like/this/?.lua */ static const char *register_package_dir(cmd_parms *cmd, void *_cfg, const char *arg) { ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; return register_package_helper(cmd, arg, cfg->package_paths); } /** * Called for config directive which looks like * LuaPackageCPath /lua/package/path/mapped/thing/like/this/?.so */ static const char *register_package_cdir(cmd_parms *cmd, void *_cfg, const char *arg) { ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; return register_package_helper(cmd, arg, cfg->package_cpaths); } static const char *register_lua_inherit(cmd_parms *cmd, void *_cfg, const char *arg) { ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; if (strcasecmp("none", arg) == 0) { cfg->inherit = AP_LUA_INHERIT_NONE; } else if (strcasecmp("parent-first", arg) == 0) { cfg->inherit = AP_LUA_INHERIT_PARENT_FIRST; } else if (strcasecmp("parent-last", arg) == 0) { cfg->inherit = AP_LUA_INHERIT_PARENT_LAST; } else { return apr_psprintf(cmd->pool, "LuaInherit type of '%s' not recognized, valid " "options are 'none', 'parent-first', and 'parent-last'", arg); } return NULL; } static const char *register_lua_codecache(cmd_parms *cmd, void *_cfg, const char *arg) { ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; if (strcasecmp("never", arg) == 0) { cfg->codecache = AP_LUA_CACHE_NEVER; } else if (strcasecmp("stat", arg) == 0) { cfg->codecache = AP_LUA_CACHE_STAT; } else if (strcasecmp("forever", arg) == 0) { cfg->codecache = AP_LUA_CACHE_FOREVER; } else { return apr_psprintf(cmd->pool, "LuaCodeCache type of '%s' not recognized, valid " "options are 'never', 'stat', and 'forever'", arg); } return NULL; } static const char *register_lua_scope(cmd_parms *cmd, void *_cfg, const char *scope, const char *min, const char *max) { ap_lua_dir_cfg *cfg = (ap_lua_dir_cfg *) _cfg; if (strcmp("once", scope) == 0) { cfg->vm_scope = AP_LUA_SCOPE_ONCE; } else if (strcmp("request", scope) == 0) { cfg->vm_scope = AP_LUA_SCOPE_REQUEST; } else if (strcmp("conn", scope) == 0) { cfg->vm_scope = AP_LUA_SCOPE_CONN; } else if (strcmp("thread", scope) == 0) { #if !APR_HAS_THREADS return apr_psprintf(cmd->pool, "Scope type of '%s' cannot be used because this " "server does not have threading support " "(APR_HAS_THREADS)" scope); #endif cfg->vm_scope = AP_LUA_SCOPE_THREAD; } else { return apr_psprintf(cmd->pool, "Invalid value for LuaScope, '%s', acceptable " "values are: 'once', 'request', 'conn', 'server'" #if APR_HAS_THREADS ", 'thread'" #endif ,scope); } return NULL; } static const char *register_lua_root(cmd_parms *cmd, void *_cfg, const char *root) { /* ap_lua_dir_cfg* cfg = (ap_lua_dir_cfg*)_cfg; */ ap_lua_server_cfg *cfg = ap_get_module_config(cmd->server->module_config, &lua_module); cfg->root_path = root; return NULL; } AP_LUA_DECLARE(const char *) ap_lua_ssl_val(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *var) { if (lua_ssl_val) { return (const char *)lua_ssl_val(p, s, c, r, (char *)var); } return NULL; } AP_LUA_DECLARE(int) ap_lua_ssl_is_https(conn_rec *c) { return lua_ssl_is_https ? lua_ssl_is_https(c) : 0; } /*******************************/ static const char *lua_authz_parse(cmd_parms *cmd, const char *require_line, const void **parsed_require_line) { const char *provider_name; lua_authz_provider_spec *spec; apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE, cmd->temp_pool); ap_assert(provider_name != NULL); spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING); ap_assert(spec != NULL); if (require_line && *require_line) { const char *arg; spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) { APR_ARRAY_PUSH(spec->args, const char *) = arg; } } *parsed_require_line = spec; return NULL; } static authz_status lua_authz_check(request_rec *r, const char *require_line, const void *parsed_require_line) { apr_pool_t *pool; ap_lua_vm_spec *spec; lua_State *L; ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config, &lua_module); const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &lua_module); const lua_authz_provider_spec *prov_spec = parsed_require_line; int result; int nargs = 0; spec = create_vm_spec(&pool, r, cfg, server_cfg, prov_spec->file_name, NULL, 0, prov_spec->function_name, "authz provider"); L = ap_lua_get_lua_state(pool, spec, r); if (L == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02314) "Unable to compile VM for authz provider %s", prov_spec->name); return AUTHZ_GENERAL_ERROR; } lua_getglobal(L, prov_spec->function_name); if (!lua_isfunction(L, -1)) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(02319) "Unable to find function %s in %s", prov_spec->function_name, prov_spec->file_name); return AUTHZ_GENERAL_ERROR; } ap_lua_run_lua_request(L, r); if (prov_spec->args) { int i; if (!lua_checkstack(L, prov_spec->args->nelts)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315) "Error: authz provider %s: too many arguments", prov_spec->name); return AUTHZ_GENERAL_ERROR; } for (i = 0; i < prov_spec->args->nelts; i++) { const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *); lua_pushstring(L, arg); } nargs = prov_spec->args->nelts; } if (lua_pcall(L, 1 + nargs, 1, 0)) { const char *err = lua_tostring(L, -1); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02316) "Error executing authz provider %s: %s", prov_spec->name, err); return AUTHZ_GENERAL_ERROR; } if (!lua_isnumber(L, -1)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02317) "Error: authz provider %s did not return integer", prov_spec->name); return AUTHZ_GENERAL_ERROR; } result = lua_tointeger(L, -1); switch (result) { case AUTHZ_DENIED: case AUTHZ_GRANTED: case AUTHZ_NEUTRAL: case AUTHZ_GENERAL_ERROR: case AUTHZ_DENIED_NO_USER: return result; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02318) "Error: authz provider %s: invalid return value %d", prov_spec->name, result); } return AUTHZ_GENERAL_ERROR; } static const authz_provider lua_authz_provider = { &lua_authz_check, &lua_authz_parse, }; static const char *register_authz_provider(cmd_parms *cmd, void *_cfg, const char *name, const char *file, const char *function) { lua_authz_provider_spec *spec; const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE); if (err) return err; spec = apr_pcalloc(cmd->pool, sizeof(*spec)); spec->name = name; spec->file_name = file; spec->function_name = function; apr_hash_set(lua_authz_providers, name, APR_HASH_KEY_STRING, spec); ap_register_auth_provider(cmd->pool, AUTHZ_PROVIDER_GROUP, name, AUTHZ_PROVIDER_VERSION, &lua_authz_provider, AP_AUTH_INTERNAL_PER_CONF); return NULL; } command_rec lua_commands[] = { AP_INIT_TAKE1("LuaRoot", register_lua_root, NULL, OR_ALL, "Specify the base path for resolving relative paths for mod_lua directives"), AP_INIT_TAKE1("LuaPackagePath", register_package_dir, NULL, OR_ALL, "Add a directory to lua's package.path"), AP_INIT_TAKE1("LuaPackageCPath", register_package_cdir, NULL, OR_ALL, "Add a directory to lua's package.cpath"), AP_INIT_TAKE3("LuaAuthzProvider", register_authz_provider, NULL, RSRC_CONF|EXEC_ON_READ, "Provide an authorization provider"), AP_INIT_TAKE23("LuaHookTranslateName", register_translate_name_hook, NULL, OR_ALL, "Provide a hook for the translate name phase of request processing"), AP_INIT_RAW_ARGS("package_paths = apr_array_make(p, 2, sizeof(char *)); cfg->package_cpaths = apr_array_make(p, 2, sizeof(char *)); cfg->mapped_handlers = apr_array_make(p, 1, sizeof(ap_lua_mapped_handler_spec *)); cfg->pool = p; cfg->hooks = apr_hash_make(p); cfg->dir = apr_pstrdup(p, dir); cfg->vm_scope = AP_LUA_SCOPE_UNSET; return cfg; } static int create_request_config(request_rec *r) { ap_lua_request_cfg *cfg = apr_palloc(r->pool, sizeof(ap_lua_request_cfg)); cfg->mapped_request_details = NULL; cfg->request_scoped_vms = apr_hash_make(r->pool); ap_set_module_config(r->request_config, &lua_module, cfg); return OK; } static void *create_server_config(apr_pool_t *p, server_rec *s) { ap_lua_server_cfg *cfg = apr_pcalloc(p, sizeof(ap_lua_server_cfg)); cfg->vm_reslists = apr_hash_make(p); apr_thread_rwlock_create(&cfg->vm_reslists_lock, p); cfg->root_path = NULL; return cfg; } static int lua_request_hook(lua_State *L, request_rec *r) { ap_lua_push_request(L, r); return OK; } static int lua_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { lua_ssl_val = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); lua_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); return OK; } static void *overlay_hook_specs(apr_pool_t *p, const void *key, apr_ssize_t klen, const void *overlay_val, const void *base_val, const void *data) { const apr_array_header_t *overlay_info = (const apr_array_header_t*)overlay_val; const apr_array_header_t *base_info = (const apr_array_header_t*)base_val; return apr_array_append(p, base_info, overlay_info); } static void *merge_dir_config(apr_pool_t *p, void *basev, void *overridesv) { ap_lua_dir_cfg *a, *base, *overrides; a = (ap_lua_dir_cfg *)apr_pcalloc(p, sizeof(ap_lua_dir_cfg)); base = (ap_lua_dir_cfg*)basev; overrides = (ap_lua_dir_cfg*)overridesv; a->pool = overrides->pool; a->dir = apr_pstrdup(p, overrides->dir); a->vm_scope = (overrides->vm_scope == AP_LUA_SCOPE_UNSET) ? base->vm_scope: overrides->vm_scope; a->inherit = (overrides->inherit== AP_LUA_INHERIT_UNSET) ? base->inherit : overrides->inherit; a->codecache = (overrides->codecache== AP_LUA_CACHE_UNSET) ? base->codecache : overrides->codecache; if (a->inherit == AP_LUA_INHERIT_UNSET || a->inherit == AP_LUA_INHERIT_PARENT_FIRST) { a->package_paths = apr_array_append(p, base->package_paths, overrides->package_paths); a->package_cpaths = apr_array_append(p, base->package_cpaths, overrides->package_cpaths); a->mapped_handlers = apr_array_append(p, base->mapped_handlers, overrides->mapped_handlers); a->hooks = apr_hash_merge(p, overrides->hooks, base->hooks, overlay_hook_specs, NULL); } else if (a->inherit == AP_LUA_INHERIT_PARENT_LAST) { a->package_paths = apr_array_append(p, overrides->package_paths, base->package_paths); a->package_cpaths = apr_array_append(p, overrides->package_cpaths, base->package_cpaths); a->mapped_handlers = apr_array_append(p, overrides->mapped_handlers, base->mapped_handlers); a->hooks = apr_hash_merge(p, base->hooks, overrides->hooks, overlay_hook_specs, NULL); } else { a->package_paths = overrides->package_paths; a->package_cpaths = overrides->package_cpaths; a->mapped_handlers= overrides->mapped_handlers; a->hooks= overrides->hooks; } return a; } static void lua_register_hooks(apr_pool_t *p) { /* ap_register_output_filter("luahood", luahood, NULL, AP_FTYPE_RESOURCE); */ ap_hook_handler(lua_handler, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_create_request(create_request_config, NULL, NULL, APR_HOOK_MIDDLE); /* http_request.h hooks */ ap_hook_translate_name(lua_translate_name_harness_first, NULL, NULL, AP_LUA_HOOK_FIRST); ap_hook_translate_name(lua_translate_name_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_translate_name(lua_translate_name_harness_last, NULL, NULL, AP_LUA_HOOK_LAST); ap_hook_fixups(lua_fixup_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_map_to_storage(lua_map_to_storage_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id(lua_check_user_id_harness_first, NULL, NULL, AP_LUA_HOOK_FIRST); ap_hook_check_user_id(lua_check_user_id_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id(lua_check_user_id_harness_last, NULL, NULL, AP_LUA_HOOK_LAST); ap_hook_type_checker(lua_type_checker_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(lua_access_checker_harness_first, NULL, NULL, AP_LUA_HOOK_FIRST); ap_hook_access_checker(lua_access_checker_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(lua_access_checker_harness_last, NULL, NULL, AP_LUA_HOOK_LAST); ap_hook_auth_checker(lua_auth_checker_harness_first, NULL, NULL, AP_LUA_HOOK_FIRST); ap_hook_auth_checker(lua_auth_checker_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker(lua_auth_checker_harness_last, NULL, NULL, AP_LUA_HOOK_LAST); ap_hook_insert_filter(lua_insert_filter_harness, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_quick_handler(lua_quick_harness, NULL, NULL, APR_HOOK_FIRST); ap_hook_post_config(lua_post_config, NULL, NULL, APR_HOOK_MIDDLE); APR_OPTIONAL_HOOK(ap_lua, lua_open, lua_open_hook, NULL, NULL, APR_HOOK_REALLY_FIRST); APR_OPTIONAL_HOOK(ap_lua, lua_request, lua_request_hook, NULL, NULL, APR_HOOK_REALLY_FIRST); /* providers */ lua_authz_providers = apr_hash_make(p); } AP_DECLARE_MODULE(lua) = { STANDARD20_MODULE_STUFF, create_dir_config, /* create per-dir config structures */ merge_dir_config, /* merge per-dir config structures */ create_server_config, /* create per-server config structures */ NULL, /* merge per-server config structures */ lua_commands, /* table of config file commands */ lua_register_hooks /* register hooks */ };